# Approach: sign each request with an MD5 digest of a shared secret plus a timestamp.
from django.shortcuts import render,HttpResponse,redirect,reverse
from django.views.decorators.csrf import csrf_exempt
import json
#使用rest_framework ,首先要安装pip去安装Djangorestframework ,这个模块
# 在Django的settings中注册app
import hashlib
import time
from django.conf import settings
from rest_framework.views import APIView
from rest_framework.response import Response
from api import models
from api import service
# Temporary shared secret, for server-side testing only.
# NOTE(review): a secret hard-coded in source is copied wherever the code goes
# (version control, backups, this page). Outside a local test, load it from
# configuration or a secret store and do not reuse the value shown here.
KEY = "alksdgjaldks"
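# Signature helper. Nothing is decrypted here: it computes a keyed digest.
def gen_key(key, ctime):
    """Return the request signature: the MD5 hex digest of ``"<key>|<ctime>"``.

    The digest shows that the sender knew ``key`` when it produced the value
    for this ``ctime``. It covers neither the request path nor the body.

    Args:
        key: Shared secret known to both client and server.
        ctime: Client timestamp. It is rendered with ``str.format``, so an
            int and its decimal string produce the same digest.

    Returns:
        The 32-character lowercase hexadecimal MD5 digest.
    """
    # NOTE(review): MD5 over "secret|message" is an ad-hoc keyed hash. The
    # standard construction is HMAC, e.g. hmac.new(key, msg, hashlib.sha256).
    # Switching changes the value on the wire, so client and server must be
    # changed together.
    key_str = '{}|{}'.format(key, ctime)
    return hashlib.md5(key_str.encode('utf-8')).hexdigest()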
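class AssetTest(APIView):
    """Test endpoint whose POST handler accepts only correctly signed requests.

    The client sends ``sign`` and ``ctime`` as query parameters. The server
    recomputes ``gen_key(KEY, ctime)`` and compares it with ``sign``.

    This version checks neither the age of ``ctime`` nor whether ``sign`` was
    seen before, so a captured URL remains valid for as long as the key is
    unchanged.
    """

    def get(self, request):
        """Return a fixed string; no signature is checked on GET."""
        return Response("get ok ")

    def post(self, request):
        """Validate ``sign`` against ``ctime`` and report the outcome.

        Returns:
            A ``Response`` wrapping ``{'status': bool, 'data': ...}``.
            ``status`` is False, with an error message in ``data``, when a
            parameter is missing or the signature does not match.
        """
        import hmac  # local import: needed only for the constant-time comparison

        result = {'status': True, 'data': 5666666}

        # query_params is DRF's public accessor for the query string; it
        # replaces reaching into the private request._request attribute.
        sign = request.query_params.get('sign')
        ctime = request.query_params.get('ctime')

        valid = False
        if sign and ctime:
            expected = gen_key(KEY, ctime)
            # compare_digest does not stop at the first differing character,
            # so response timing does not reveal how much of a guess matched.
            # Comparing bytes avoids a TypeError on non-ASCII input.
            valid = hmac.compare_digest(sign.encode('utf-8'),
                                        expected.encode('utf-8'))

        if not valid:
            result['status'] = False
            result['data'] = '检验不成功'
        return Response(result)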
客户端测试API
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import requests
import time,hashlib
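# Both sides hold the same key; the client proves knowledge of it by sending
# a digest of key + timestamp.
# NOTE(review): test value only. Keep real keys out of source files.
key = 'alksdgjaldks'
ctime = time.time()


def gen_key():
    """Return the MD5 hex digest of ``"<key>|<ctime>"`` for the module-level values."""
    key_str = '{}|{}'.format(key, ctime)
    return hashlib.md5(key_str.encode('utf-8')).hexdigest()


# sign and ctime travel in the query string, so they are part of the URL and
# appear wherever URLs are recorded (for example, access logs). Plain HTTP is
# used only because the target is a local test server.
ret = requests.post(
    url='http://127.0.0.1:8000/api/test',
    params={'sign': gen_key(), 'ctime': ctime},
    timeout=5,  # without a timeout, requests waits indefinitely on a stalled server
)
print(ret.text)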
注意测试URL路由
url(r'^test',views.AssetTest.as_view()),#CBV 写法
上面只是简单的签名校验(MD5 是哈希,不是加密)。如果请求的 URL 被截获,原样重放该 URL 依然可以访问,所以进一步进行修改:加入时间戳有效期校验和签名一次性校验。
# Shared secret used to recompute request signatures (test value).
# NOTE(review): a secret hard-coded in source is copied wherever the code goes.
# Outside a local test, load it from configuration or a secret store.
KEY = "alksdgjaldks"
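# Signature helper. Nothing is decrypted here: it computes a keyed digest.
def gen_key(key, ctime):
    """Return the request signature: the MD5 hex digest of ``"<key>|<ctime>"``.

    The digest shows that the sender knew ``key`` when it produced the value
    for this ``ctime``. It covers neither the request path nor the body.

    Args:
        key: Shared secret known to both client and server.
        ctime: Client timestamp. It is rendered with ``str.format``, so an
            int and its decimal string produce the same digest.

    Returns:
        The 32-character lowercase hexadecimal MD5 digest.
    """
    # NOTE(review): MD5 over "secret|message" is an ad-hoc keyed hash. The
    # standard construction is HMAC, e.g. hmac.new(key, msg, hashlib.sha256).
    # Switching changes the value on the wire, so client and server must be
    # changed together.
    key_str = '{}|{}'.format(key, ctime)
    return hashlib.md5(key_str.encode('utf-8')).hexdigest()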
# Signatures that have already been accepted, mapped to the ctime they were
# sent with. The view consults this to refuse a second use of a signature.
# NOTE(review): this dict exists in one process only. It is lost on restart
# and is not shared between worker processes.
SIGN_RECORD = dict()
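class AssetTest(APIView):
    """Test endpoint whose POST handler requires a fresh, single-use signature.

    The client sends ``sign`` and ``ctime`` (milliseconds since the epoch) as
    query parameters. A request is accepted only if ``ctime`` is within
    ``MAX_AGE_MS`` of the server clock, ``sign`` has not been accepted before,
    and ``sign`` equals ``gen_key(KEY, ctime)``.

    The signature covers only the key and the timestamp, not the request path
    or body.
    """

    # Largest accepted distance, in milliseconds, between ctime and the server clock.
    MAX_AGE_MS = 5000

    def get(self, request):
        """Return a fixed string; no signature is checked on GET."""
        return Response("get ok ")

    def post(self, request):
        """Validate freshness, single use and signature, then report the outcome.

        Returns:
            A ``Response`` wrapping ``{'status': bool, 'data': ...}``.
            ``status`` is False, with an error message in ``data``, when any
            check fails.
        """
        import hmac  # local import: needed only for the constant-time comparison

        result = {'status': True, 'data': 5666666}

        # query_params is DRF's public accessor for the query string; it
        # replaces reaching into the private request._request attribute.
        sign = request.query_params.get('sign')
        ctime = request.query_params.get('ctime')

        # A missing or non-numeric ctime used to raise inside int() and turn
        # into a server error. Report it as a failed check instead.
        try:
            client_time = int(ctime)
        except (TypeError, ValueError):
            client_time = None
        if not sign or client_time is None:
            result['status'] = False
            result['data'] = '检验不成功'
            return Response(result)

        server_time = int(time.time() * 1000)

        # abs() also rejects timestamps too far in the future. With a one-sided
        # check, such a timestamp would pass the freshness test until the
        # server clock caught up with it.
        if abs(server_time - client_time) > self.MAX_AGE_MS:
            result['status'] = False
            result['data'] = '证书已经过期!'
            return Response(result)

        # Drop records that the freshness check above would reject anyway, so
        # the replay table stays bounded by the traffic of one time window.
        for used_sign, sent_at in list(SIGN_RECORD.items()):
            if server_time - int(sent_at) > self.MAX_AGE_MS:
                SIGN_RECORD.pop(used_sign, None)

        if sign in SIGN_RECORD:
            result['status'] = False
            result['data'] = '证书已经使用!'
            return Response(result)

        expected = gen_key(KEY, ctime)
        # compare_digest does not stop at the first differing character, so
        # response timing does not reveal how much of a guess matched.
        if not hmac.compare_digest(sign.encode('utf-8'), expected.encode('utf-8')):
            result['status'] = False
            result['data'] = '检验不成功'
            return Response(result)

        # NOTE(review): the membership test above and this write are separate
        # steps on a per-process dict. With several workers or concurrent
        # requests, a shared store with an atomic set-if-absent (for example
        # the Django cache's add()) is needed to keep the single-use guarantee.
        SIGN_RECORD[sign] = ctime
        return Response(result)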
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import requests
import time,hashlib
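# Both sides hold the same key; the client proves knowledge of it by sending
# a digest of key + timestamp.
# NOTE(review): test value only. Keep real keys out of source files.
key = 'alksdgjaldks'
# Millisecond timestamp. The server compares it with its own clock, so the two
# clocks must agree to within the server's acceptance window.
ctime = int(time.time() * 1000)


def gen_key():
    """Return the MD5 hex digest of ``"<key>|<ctime>"`` for the module-level values."""
    key_str = '{}|{}'.format(key, ctime)
    return hashlib.md5(key_str.encode('utf-8')).hexdigest()


# sign and ctime travel in the query string, so they are part of the URL and
# appear wherever URLs are recorded (for example, access logs). Plain HTTP is
# used only because the target is a local test server.
ret = requests.post(
    url='http://127.0.0.1:8000/api/test',
    params={'sign': gen_key(), 'ctime': ctime},
    timeout=5,  # without a timeout, requests waits indefinitely on a stalled server
)
print(ret.url, ret.text)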
来源:https://www.cnblogs.com/michael2018/p/10516073.html